Hi,
After investigations, it seems that it's an issue on the CAS Client side
(owncloud CAS client)
CAS Client response to the SLO BACK_CHANNEL resquest is 405 Method not
allowed
[09/Apr/2019:00:05:57 +0200] "POST /cloud/index.php/apps/user_cas/login
> HTTP/1.1" 405 - "-" "Apache-HttpClient/4.5.6 (Java/11.0.2)"
>
There is indeed not POST route in the Owncloud CAS client
$application->registerRoutes($this, array(
> 'routes' => [
> array('name' => 'settings#saveSettings', 'url' => '/settings/save',
> 'verb' => 'POST'),
> array('name' => 'authentication#casLogin', 'url' => '/login', 'verb'
> => 'GET')
> ]
> ));
>
>
In order to have SLO with Owncloud CAS client, I believe some tunning has
to be made on the CAS client.
Thanks for your help
Baso
Le lundi 8 avril 2019 18:21:03 UTC+2, rbon a écrit :
>
> Baso,
>
> Add some of your own debug statements to CASphp where it processes the log
> out request.
>
> Ray
>
> On Sat, 2019-04-06 at 10:17 -0700, Baso Dupond wrote:
>
> Hi,
>
> The Single Log Out is not working on my basic implementation
>
> I obtain a "Not a logout request" in the Cas-client Log
>
>
> 0A53 .START (2019-04-06 16:15:42) phpCAS-1.3.6 ****************** [CAS.php
> :468]
> 0A53 .=> phpCAS::client('3.0', 'cas.xxxxxxxxxx.fr', 443, '/cas') [
> AppService.php:275]
> 0A53 .| => CAS_Client::__construct('3.0', false, 'cas.xxxxxxxxxxxxx.fr'
> , 443, '/cas', true) [CAS.php:359]
> 0A53 .| | Session is not authenticated [Client.php:938]
> 0A53 .| <= ''
> 0A53 .<= ''
> 0A53 .=> CAS_Client::handleLogoutRequests(true, array ( 0 =>
> '51.68.xx.xx',)) [CAS.php:1276]
> 0A53 .| Not a logout request [Client.php:1739]
> 0A53 .<= ''
>
>
> The CAS log show that logout request is sent
>
> 2019-04-06 18:15:10,832 DEBUG [org.apereo.cas.logout.slo.
> DefaultSingleLogoutServiceLogoutUrlBuilder] - <Logout request will be
> sent to [http://
> extranet.xxxxxxxxxxxxxx.fr/cloud/index.php/apps/user_cas/login] for
> service [AbstractWebApplicationService(id=
> https://extranet.xxxxxxxxxxxxxx.fr/cloud/index.php/apps/user_cas/login,
> originalUrl=
> https://extranet.x.fr/cloud/index.pxxxxxxxxxxxxxxhp/apps/user_cas/login,
> artifactId=null, [email protected] <javascript:>,
> source=service, loggedOutAlready=false, format=XML, attributes={})]>
> 2019-04-06 18:15:10,833 DEBUG [org.apereo.cas.logout.slo.
> BaseSingleLogoutServiceMessageHandler] - <Prepared logout url [[org.apereo
> .cas.logout.slo.SingleLogoutUrl@ae1f72ee]] for service [
> AbstractWebApplicationService(id=https://
> extranet.xxxxxxxxxxxxxx.fr/cloud/index.php/apps/user_cas/login,
> originalUrl=
> https://extranet.xxxxxxxxxxxxxxxxx.fr/cloud/index.php/apps/user_cas/login,
> artifactId=null, [email protected] <javascript:>,
> source=service, loggedOutAlready=false, format=XML, attributes={})]>
> 2019-04-06 18:15:10,835 DEBUG [org.apereo.cas.logout.slo.
> BaseSingleLogoutServiceMessageHandler] - <Prepared logout message to send
> is [HttpMessage(url=http://
> extranet.xxxxxxxxxxxxx.fr/cloud/index.php/apps/user_cas/login,
> message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-2-hTkl0dF8f4XPX9-8aeQoJIZY%22+Version%3D%222.0%22+IssueInstant%3D%222019-04-06T18%3A15%3A10Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3Ebasile.test%
> xxxxxxxxxx.fr%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-2-zcTYW858ldyFLPeC9MZ2gL-fGoMvps641230%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E,
>
> asynchronous=true, responseCode=0,
> contentType=application/x-www-form-urlencoded)]. Sending...>
> 2019-04-06 18:15:10,835 DEBUG [org.apereo.cas.util.http.SimpleHttpClient]
> - <Created HTTP post message payload [POST http://
> extranet.xxxxxxxxxx.fr/cloud/index.php/apps/user_cas/login HTTP/1.1]>
> 2019-04-06 18:15:10,850 INFO [org.apereo.cas.logout.DefaultLogoutManager]
> - <[2] logout requests were processed>
>
>
>
> TCPDump on the CAS clien shows that the cas client receives the logout
> Request
>
> 51.68.xx.xx.38168 > 37.187.xx.xx.http: Flags [P.], cksum 0x8209 (correct),
> seq 0:754, ack 1, win 229, options [nop,nop,TS val 2263944706 ecr
> 768689247], length 754: HTTP, length: 754
> POST /cloud/index.php/apps/user_cas/login HTTP/1.1
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 484
> Host: extranet.xxxxxxxxxxx.fr
> Connection: Keep-Alive
> User-Agent: Apache-HttpClient/4.5.6 (Java/11.0.2)
> Accept-Encoding: gzip,deflate
>
> logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-2-hTkl0dF8f4XPX9-8aeQoJIZY%22+Version%3D%222.0%22+IssueInstant%3D%222019-04-06T18%3A15%3A10Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3Ebasile.test%
> 40xxxxxxxx.fr
> %3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-2-zcTYW858ldyFLPeC9MZ2gL-fGoMvps641230%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E[!http]
> 18:15:14.642363 IP (tos 0x0, ttl 56, id 61227, offset 0, flags [DF], proto
> TCP (6), length 52)
> 51.68.70.46.38168 > 37.187.19.72.http: Flags [.], cksum 0x5c2a
> (correct), seq 754, ack 656, win 239, options [nop,nop,TS val 2263944707
> ecr 768689248], length 0
>
>
>
> Is there something wrong in the logoutRequest format ?
>
> Thanks,
> Rgds
> Baso
>
>
>
>
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/fe0c5dbe-8cce-48ec-8b4c-4252ee445966%40apereo.org.
